On 29 November 2017 at 23:13, Tony Finch <d...@dotat.at> wrote: > > > On 29 Nov 2017, at 21:18, Dick Franks <rwfra...@acm.org> wrote: > > On 29 November 2017 at 12:17, Andrew Sullivan <a...@anvilwalrusden.com> > wrote: >> >> >> Right, and the authoritative server can't proceed, but the referral is >> necessary. Good, this is helpful, thanks. This also means, of >> course, that in such a response the answer section isn't empty. Is >> this why you call it a "partial referral"? >> > > And said referral could be to an arbitrary node in the DNS tree, i.e. > possibly "upward"? > > Or am I missing something? > > > In this case we’re dealing with an authoritative answer containing a CNAME > pointing out of the server’s authoritative data. > > If the server is authoritative only, then there are three cases: (1) the > CNAME points to a child zone, so the authority section contains a referral > - this is the partial answer plus referral case that Mark described; (2) > the CNAME points to a different non-child zone and the server provides full > answers, in which case the authority section contains the apex records of > the zone containing the CNAME owner; or (3) same as (2) but the server > sends minimal answers with an empty authority section. > > If it is a 1034 hybrid rec+auth server, the 4.3.2 algorithm step 4 > requires the same referral in case (1) because there is a “delegation from > authoritative data”; in case (2) you get an implicit referral from the > cache (which can be upwards). >
I get the picture. Many thanks
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop